WIRED: You Need to Update iOS, Android, and Chrome Right Now

WIRED: You Need to Update iOS, Android, and Chrome Right Now. “APRIL HAS BEEN a big month for security updates, including emergency patches for Apple’s iOS and Google Chrome to fix vulnerabilities already being used by attackers. Microsoft has released important fixes as part of its mid-April Patch Tuesday, while Android users across multiple devices need to make sure they are applying the latest update when it becomes available. Here are all the April updates you need to know about.”

Vice: Google Is Forcing Me to Dump a Perfectly Good Phone

Vice: Google Is Forcing Me to Dump a Perfectly Good Phone. “Despite being just three years old, no Pixel 3 will ever receive another official security update. Installing security updates is the one basic thing everyone needs to do for their own digital security. If you don’t even get them, then you’re vulnerable to every security flaw discovered since your last patch. In response to an email asking Google why it stopped supporting the Pixel 3, a Google spokesperson said, ‘We find that three years of security and OS updates still provides users with a great experience for their device.’” I’m using an iPhone 7 Plus as my phone. It came out in 2016.

The Register: Microsoft patches the patch that broke VPNs, Hyper-V, and left servers in boot loops

The Register: Microsoft patches the patch that broke VPNs, Hyper-V, and left servers in boot loops. “Microsoft has patched the patch that broke chunks of Windows and emitted fixes for a Patch Tuesday cock-up that left servers rebooting and VPNs disconnected. There was a time when out-of-band updates from Microsoft were considered a rarity. Not so much these days.”

Bleeping Computer: US emergency directive orders govt agencies to patch Log4j bug

Bleeping Computer: US emergency directive orders govt agencies to patch Log4j bug. “US Federal Civilian Executive Branch agencies have been ordered to patch the critical and actively exploited Log4Shell security vulnerability in the Apache Log4j library within the next six days. The order comes through an emergency directive issued by the Cybersecurity and Infrastructure Security Agency (CISA) today.”

SecurityWeek: Researcher Shows Windows Flaw More Serious After Microsoft Releases Incomplete Patch

SecurityWeek: Researcher Shows Windows Flaw More Serious After Microsoft Releases Incomplete Patch. “Tracked as CVE-2021-34484, the bug is described by Microsoft as a Windows User Profile Service elevation of privilege, and requires local, authenticated access for exploitation. All versions of Windows, including Windows Server, are affected. The security error resides in the User Profile Service, affecting code designed for creating a temporary user profile folder when the original profile folder is damaged.”

TechRepublic: US government orders federal agencies to patch 100s of vulnerabilities

TechRepublic: US government orders federal agencies to patch 100s of vulnerabilities. “In the latest effort to combat cybercrime and ransomware, federal agencies have been told to patch hundreds of known security vulnerabilities with due dates ranging from November 2021 to May 2022. In a directive issued on Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) ordered all federal and executive branch departments and agencies to patch a series of known exploited vulnerabilities as cataloged in a public website managed by CISA.”

BetaNews: Microsoft releases KB5005565 and KB5005566 Windows 10 updates to fix PowerShell bug and more

BetaNews: Microsoft releases KB5005565 and KB5005566 Windows 10 updates to fix PowerShell bug and more. “With another Patch Tuesday rolling around, Microsoft has released a pair of new updates for Windows 10 — KB5005565 and KB5005566. Serving the same purpose, KB5005566 is available for Windows 10 version 1909, and KB5005565 is available for Windows 10 versions 2004, 20H2 and 21H1. These cumulative updates include security fixes, so they are important to install, but they also address non-security bugs including one affecting PowerShell.”

Ubergizmo: Microsoft, Google Release Urgent Update That Patches Browser Vulnerability

Ubergizmo: Microsoft, Google Release Urgent Update That Patches Browser Vulnerability. “If you are using either Microsoft Edge or Google’s Chrome, then you might want to update your browsers ASAP. This is because both companies have pushed out an urgent update for both their browsers due to a Level 4 Drive-by exploit that has been discovered that could lead to disastrous consequences.” I have yet to see a patch, but I’m on Linux, so YMMV.

BetaNews: PrintNightmare fixing KB5005033 update is causing performance issues in Windows 10

From BetaNews with a side order of head-desk: PrintNightmare fixing KB5005033 update is causing performance issues in Windows 10. “Windows 10 users who have installed the KB5005033 update that was supposed to fix the PrintNightmare security flaw are reporting unwanted side effects. Among the problems being reported are issues with reduced performance, particularly in games.”

BetaNews: Microsoft finally fixes PrintNightmare vulnerability with KB5005031 and KB5005033 updates

BetaNews: Microsoft finally fixes PrintNightmare vulnerability with KB5005031 and KB5005033 updates. “To help address the ongoing problems with the so-called PrintNightmare vulnerability (CVE-2021-34527), Microsoft has announced a change to the default behavior of the Point and Print feature in Windows. The change has been delivered via the KB5005033 and KB5005031 update and means that in order to install printer drivers, users will have to have administrative privileges.”

Neowin: Windows 7 and 8.1 Patch Tuesday updates are out, here’s what’s new

Neowin: Windows 7 and 8.1 Patch Tuesday updates are out, here’s what’s new. “It’s the second Tuesday of the month, which is when all supported Windows versions receive cumulative updates. This includes supported Windows 10 versions such as the three latest versions based on the same codebase, Windows 8.1, and Windows 7 users who have opted for extended security updates (ESU). Unlike Windows 10, Windows 7 and 8.1 users receive one update a month, with there being some exceptions for when there are critical vulnerabilities.”

Bleeping Computer: Windows PetitPotam vulnerability gets an unofficial free patch

Bleeping Computer: Windows PetitPotam vulnerability gets an unofficial free patch. “A free unofficial patch is now available to block attackers from taking over domain controllers and compromising entire Windows domains via PetitPotam NTLM relay attacks. The PetitPotam attack vector that forces Windows machines to authenticate against threat actors’ malicious NTLM relay servers using the Microsoft Encrypting File System Remote Protocol (EFSRPC) was disclosed last month by security researcher Gilles Lionel (aka Topotam).”

BetaNews: Microsoft releases KB5005392 and KB5005394 emergency patches for Windows printer and scanner problems

BetaNews: Microsoft releases KB5005392 and KB5005394 emergency patches for Windows printer and scanner problems. “There have been a spate of problems with printing in Windows recently, including issues introduced by updates from Microsoft. The most recent problems came for people who installed updates released this Patch Tuesday. Some found they were unable to print or scan after installing the updates, and now Microsoft has released a couple of out-of-band patches — KB5005394 for Windows 10 and KB5005392 for Windows 7.”